Test ID:	1.3.6.1.4.1.25623.1.0.118433
Category:	General
Title:	Tenable Nessus Network Monitor < 5.11.0 Multiple Vulnerabilities (TNS-2019-08)
Summary:	Tenable Nessus Network Monitor is prone to multiple vulnerabilities.
Description:	Summary: Tenable Nessus Network Monitor is prone to multiple vulnerabilities. Vulnerability Insight: Several third-party components (OpenSSL, jQuery and moment.js) were found to contain vulnerabilities, and updated versions have been made available by the providers. Nessus Network Monitor 5.11.0 updates OpenSSL to version 1.1.1d, jQuery to 3.4.1 and moment.js to 2.24.0 to address the identified vulnerabilities. Additionally, the InstallShield Installer for Windows installations has been updated to v.2016. Affected Software/OS: Tenable Nessus Network Monitor prior to version 5.11.0. Solution: Update to version 5.11.0 or later. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-9251 BugTraq ID: 105658 http://www.securityfocus.com/bid/105658 Bugtraq: 20190509 dotCMS v5.1.1 Vulnerabilities (Google Search) https://seclists.org/bugtraq/2019/May/18 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.tenable.com/security/tns-2019-08 http://seclists.org/fulldisclosure/2019/May/13 http://seclists.org/fulldisclosure/2019/May/11 http://seclists.org/fulldisclosure/2019/May/10 http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc https://github.com/jquery/jquery/issues/2432 https://github.com/jquery/jquery/pull/2588 https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2 https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04 https://snyk.io/vuln/npm:jquery:20150627 https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E RedHat Security Advisories: RHSA-2020:0481 https://access.redhat.com/errata/RHSA-2020:0481 RedHat Security Advisories: RHSA-2020:0729 https://access.redhat.com/errata/RHSA-2020:0729 SuSE Security Announcement: openSUSE-SU-2020:0395 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html Common Vulnerability Exposure (CVE) ID: CVE-2016-2542 BugTraq ID: 84213 http://www.securityfocus.com/bid/84213 https://flexeracommunity.force.com/customer/articles/INFO/Best-Practices-to-Avoid-Windows-Setup-Launcher-Executable-Issues https://us-cert.cisa.gov/ics/advisories/icsa-20-287-03 https://www.oracle.com/security-alerts/cpuApr2021.html http://www.securitytracker.com/id/1035097 Common Vulnerability Exposure (CVE) ID: CVE-2019-11358 BugTraq ID: 108023 http://www.securityfocus.com/bid/108023 Bugtraq: 20190421 [SECURITY] [DSA 4434-1] drupal7 security update (Google Search) https://seclists.org/bugtraq/2019/Apr/32 Bugtraq: 20190612 [SECURITY] [DSA 4460-1] mediawiki security update (Google Search) https://seclists.org/bugtraq/2019/Jun/12 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 https://security.netapp.com/advisory/ntap-20190919-0001/ https://www.synology.com/security/advisory/Synology_SA_19_19 https://www.tenable.com/security/tns-2020-02 Debian Security Information: DSA-4434 (Google Search) https://www.debian.org/security/2019/dsa-4434 Debian Security Information: DSA-4460 (Google Search) https://www.debian.org/security/2019/dsa-4460 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/ https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1 https://backdropcms.org/security/backdrop-sa-core-2019-009 https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b https://github.com/jquery/jquery/pull/4333 https://snyk.io/vuln/SNYK-JS-JQUERY-174006 https://www.drupal.org/sa-core-2019-006 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/ https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E http://www.openwall.com/lists/oss-security/2019/06/03/2 https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E RedHat Security Advisories: RHBA-2019:1570 https://access.redhat.com/errata/RHBA-2019:1570 RedHat Security Advisories: RHSA-2019:1456 https://access.redhat.com/errata/RHSA-2019:1456 RedHat Security Advisories: RHSA-2019:2587 https://access.redhat.com/errata/RHSA-2019:2587 RedHat Security Advisories: RHSA-2019:3023 https://access.redhat.com/errata/RHSA-2019:3023 RedHat Security Advisories: RHSA-2019:3024 https://access.redhat.com/errata/RHSA-2019:3024 SuSE Security Announcement: openSUSE-SU-2019:1839 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html SuSE Security Announcement: openSUSE-SU-2019:1872 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2019-1547 Bugtraq: 20190912 [slackware-security] openssl (SSA:2019-254-03) (Google Search) https://seclists.org/bugtraq/2019/Sep/25 Bugtraq: 20191001 [SECURITY] [DSA 4539-1] openssl security update (Google Search) https://seclists.org/bugtraq/2019/Oct/1 Bugtraq: 20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update (Google Search) https://seclists.org/bugtraq/2019/Oct/0 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a https://security.netapp.com/advisory/ntap-20190919-0002/ https://security.netapp.com/advisory/ntap-20200122-0002/ https://security.netapp.com/advisory/ntap-20200416-0003/ https://support.f5.com/csp/article/K73422160?utm_source=f5support&amp;utm_medium=RSS https://www.openssl.org/news/secadv/20190910.txt https://www.tenable.com/security/tns-2019-09 Debian Security Information: DSA-4539 (Google Search) https://www.debian.org/security/2019/dsa-4539 Debian Security Information: DSA-4540 (Google Search) https://www.debian.org/security/2019/dsa-4540 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/ https://security.gentoo.org/glsa/201911-04 http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html https://arxiv.org/abs/1909.01785 https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html SuSE Security Announcement: openSUSE-SU-2019:2158 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html SuSE Security Announcement: openSUSE-SU-2019:2189 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html SuSE Security Announcement: openSUSE-SU-2019:2268 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html SuSE Security Announcement: openSUSE-SU-2019:2269 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html https://usn.ubuntu.com/4376-1/ https://usn.ubuntu.com/4376-2/ https://usn.ubuntu.com/4504-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-1552 CERT/CC vulnerability note: VU#429301 https://www.kb.cert.org/vuls/id/429301 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=54aa9d51b09d67e90db443f682cface795f5af9e https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b15a19c148384e73338aa7c5b12652138e35ed28 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d333ebaf9c77332754a9d5e111e2f53e1de54fdd https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e32bc855a81a2d48d215c506bdeb4f598045f7e9 https://security.netapp.com/advisory/ntap-20190823-0006/ https://support.f5.com/csp/article/K94041354 https://support.f5.com/csp/article/K94041354?utm_source=f5support&amp;utm_medium=RSS https://www.openssl.org/news/secadv/20190730.txt https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.